From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id 8DVKOjKrCGDfEAAA0tVLHw (envelope-from ) for ; Wed, 20 Jan 2021 22:14:10 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id sFQuNjKrCGA6ZAAAB5/wlQ (envelope-from ) for ; Wed, 20 Jan 2021 22:14:10 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A6F3594024D for ; Wed, 20 Jan 2021 22:14:06 +0000 (UTC) Received: from localhost ([::1]:38658 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l2Ljp-0000iV-I7 for larch@yhetil.org; Wed, 20 Jan 2021 17:14:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:33632) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l2KKg-0000Wp-Qf for guix-patches@gnu.org; Wed, 20 Jan 2021 15:44:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:44796) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1l2KKg-0002g8-J2 for guix-patches@gnu.org; Wed, 20 Jan 2021 15:44:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1l2KKg-0001Dk-Fv for guix-patches@gnu.org; Wed, 20 Jan 2021 15:44:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#46008] [PATCH] added mdevd, umtps, nsss Resent-From: s.karrmann@web.de Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 20 Jan 2021 20:44:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 46008 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 46008@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16111753834586 (code B ref -1); Wed, 20 Jan 2021 20:44:02 +0000 Received: (at submit) by debbugs.gnu.org; 20 Jan 2021 20:43:03 +0000 Received: from localhost ([127.0.0.1]:56339 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1l2KJh-0001Ba-N1 for submit@debbugs.gnu.org; Wed, 20 Jan 2021 15:43:03 -0500 Received: from lists.gnu.org ([209.51.188.17]:33556) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1l2Jfs-0000BW-BE for submit@debbugs.gnu.org; Wed, 20 Jan 2021 15:01:53 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:53972) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l2Jfq-0000kV-N2 for guix-patches@gnu.org; Wed, 20 Jan 2021 15:01:50 -0500 Received: from mout.web.de ([217.72.192.78]:37465) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l2Jfh-0005eO-5n for guix-patches@gnu.org; Wed, 20 Jan 2021 15:01:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1611172896; bh=IclvVfdcxvbQwkJAvTC6FJ5T69TT8nXrm1SEHiCkNdI=; h=X-UI-Sender-Class:From:To:Subject:Date; b=rsu7Eqs1d+OGH6VswGTSAcveSIEwDIBaORTB1nxhZb50WppZQnFPHEY+Jaojtvh5h rph9qeZ9SVtSTPiqK3cu9AArT3+8j3UNBtDbPUUZRzMfl77ndmBFITfesMjfdfkIu4 4zbICin0aUAkaWq4jdVIUANikEd+Ut1W3Igz1E7Q= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Received: from [88.64.83.67] ([88.64.83.67]) by web-mail.web.de (3c-app-webde-bap33.server.lan [172.19.172.33]) (via HTTP); Wed, 20 Jan 2021 21:01:36 +0100 MIME-Version: 1.0 Message-ID: From: s.karrmann@web.de Content-Type: text/plain; charset=UTF-8 Date: Wed, 20 Jan 2021 21:01:36 +0100 Importance: normal Sensitivity: Normal Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-Provags-ID: V03:K1:5M35x/SitLISK0TQmySFVwqmKU97RI/JmVxgLcvtQFEa3hE/pdu0EZpt16vOeX9gpbimH UyWD4UgM78ZDUrm7D0Ku6Qtt30FXU4GgYXD4E3HS3eYa12CSf7N7fdCLrV/m6ukvp93vLKyM0UqF 1c747+G8HC0A36Tn5zR1OpVcJjYwReMMWsoM7qS+WkHKMxsWPDUtqoNSq+rU9ONb1mlGsw/RHyEI g+6hKgfz2M7OzGsU4zkHz8oOzAY8Eq2tHW69mQNCvjKKZGxzXj4+0e0vLHXBQ9FwLo6bZVhXY7K0 VE= X-UI-Out-Filterresults: notjunk:1;V03:K0:Z/ogfhwHEEw=:wgWyawpcDjOX2GeR5vezPv uEMvYJExCDvLqED2qmvdlfrPHopObu1IVELrR8si4gONvB855D+A356OHPwhpwpxbf8YAKDqU kLwkFA8pLQp7qKU3aeceiD1vafifXyPlfT4BAWEg/zGBXaDp9izvQU+9v6G2Sy6qEsfZHgZMp 1+2kZpZzNVY5ZOtb6RRBPAeUD88xSXSerh3dAZqx1avVp9uIIOtTsJnHSjU/4lnx23YsqTVkB PpkR52xL9/Tl2NjId0gnZARcsoa9KSshaO9fpunHkvvD7sl8CJ8p4uB9nRg3axF7fbNw7KHZv apuRKCb4aTGEaCYN0bUogyu9Busx5owTuR6UaSCVtzdwqR3aTF//s4Y8MqNp0z/xkJCIfs/VS kMnaNvOCOoVWkTxgxBviQeKTixowM3boSU/O+zSfIMTwEUqXU+JjxejgFK3XlSauiT1LtAgaa GpzhTy9ckuGeRookPUH2CW3J7gS8eivHKJ6YoqRzwAQVN8+c3oycqup7bh+0HixAsISe3ZYfc 8XC4XgmB2s33tQdv7W4OiELXz2ZE3oq3bim74g8Bsf5yyS2y2qAXspVYazCtA18mZemTtUVXp kmZ31SA5ZKRuk= Received-SPF: pass client-ip=217.72.192.78; envelope-from=s.karrmann@web.de; helo=mout.web.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Wed, 20 Jan 2021 15:43:01 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Mailman-Approved-At: Wed, 20 Jan 2021 17:13:46 -0500 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -0.75 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=web.de header.s=dbaedf251592 header.b=rsu7Eqs1; dmarc=fail reason="SPF not aligned (relaxed)" header.from=web.de (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: A6F3594024D X-Spam-Score: -0.75 X-Migadu-Scanner: scn1.migadu.com X-TUID: i+Ik+JuE/LdQ >From 1f47de4ed6a82c7e75560b67cacaff0c4d923f00 Mon Sep 17 00:00:00 2001 From: "S=2EKarrmann" Date: Wed, 20 Jan 2021 20:48:46 +0100 Subject: [PATCH] added mdevd, umtps, nsss --- gnu/packages/skarnet=2Escm | 134 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) diff --git a/gnu/packages/skarnet=2Escm b/gnu/packages/skarnet=2Escm index 51be1a30e8=2E=2E8f66b5ad99 100644 --- a/gnu/packages/skarnet=2Escm +++ b/gnu/packages/skarnet=2Escm @@ -4,6 +4,7 @@ ;;; Copyright =C2=A9 2017 Z=2E Ren ;;; Copyright =C2=A9 2018=E2=80=932021 Tobias Geerinckx-Rice ;;; Copyright =C2=A9 2020 Oleg Pykhalov +;;; Copyright =C2=A9 2021 Dr=2E Stefan Karrmann ;;; ;;; This file is part of GNU Guix=2E ;;; @@ -368,3 +369,136 @@ all the details=2E"))) "s6-linux-utils is a set of minimalistic Linux-specific system utili= ties, such as @command{mount}, @command{umount}, and @command{chroot} commands, Linux uevent listeners, a @command{devd} device hotplug daemon, and more= =2E"))) + +(define-public mdevd + (package + (name "mdevd") + (version "0=2E1=2E3=2E0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://skarnet=2Eorg/software/mdevd/mdevd-" + version "=2Etar=2Egz")) + (sha256 + (base32 "0spvw27xxd0m6j8bl8xysmgsx18fl769smr6dsh25s2d5h3sp2dy")))) + (build-system gnu-build-system) + (inputs `(("skalibs" ,skalibs) + ("execline" ,execline))) + (arguments + '(#:configure-flags (list + (string-append "--with-lib=3D" + (assoc-ref %build-inputs "skalib= s") + "/lib/skalibs") + (string-append "--with-sysdeps=3D" + (assoc-ref %build-inputs "skalib= s") + "/lib/skalibs/sysdeps")) + #:tests? #f)) ; no tests exist + (home-page "https://skarnet=2Eorg/software/mdevd") + (license isc) + (synopsis "A small daemon managing kernel hotplug events, similarly t= o udevd") + (description + "It uses the same configuration file as mdev, which is a hotplug +manager integrated in the Busybox suite of tools=2E However, mdev needs +to be registered in /proc/sys/kernel/hotplug, and the kernel forks an +instance of mdev for every event; by contrast, mdevd is a daemon and +does not fork=2E + +The point of mdevd is to provide a drop-in replacement to mdev that +does not fork, so it can handle large influxes of events at boot time +without a performance drop=2E mdevd is designed to be entirely +compatible with advanced mdev usage such as mdev-like-a-boss=2E"))) + +(define-public utmps + (package + (name "utmps") + (version "0=2E1=2E0=2E0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://skarnet=2Eorg/software/utmps/utmps-" + version "=2Etar=2Egz")) + (sha256 + (base32 "09p0k2sgxr7jlsbrn66fzvzf9zxvpjp85y79xk10hxjglypszyml")))) + (build-system gnu-build-system) + (inputs `(("skalibs" ,skalibs) + ("s6" ,s6))) + (arguments + '(#:configure-flags (list + (string-append "--with-lib=3D" + (assoc-ref %build-inputs "skalib= s") + "/lib/skalibs") + (string-append "--with-sysdeps=3D" + (assoc-ref %build-inputs "skalib= s") + "/lib/skalibs/sysdeps")) + #:tests? #f)) ; no tests exist + (home-page "https://skarnet=2Eorg/software/utmps") + (license isc) + (synopsis "Implementation of the utmpx=2Eh family of functions perfor= ming user accounting on Unix systems") + (description + "Traditionally, utmp functionality is provided by the system's libc= =2E +However, not all libcs implement utmp: for instance the musl libc, on +Linux, does not=2E The main reason for it is that utmp functionality is +difficult to implement in a secure way; in particular, it is +impossible to implement without either running a daemon or allowing +arbitrary programs to tamper with user accounting=2E + +utmps is a secure implementation of user accounting, using a daemon as +the only authority to manage the utmp and wtmp data; programs running +utmp functions are just clients to this daemon=2E"))) + +(define-public nsss + (package + (name "nsss") + (version "0=2E1=2E0=2E0") + (source + (origin + (method url-fetch) + (uri (string-append + "https://skarnet=2Eorg/software/nsss/nsss-" + version "=2Etar=2Egz")) + (sha256 + (base32 "15rxbwf16wm1la079yr2xn4bccjgd7m8dh6r7bpr6s57cj93i2mq")))) + (build-system gnu-build-system) + (inputs `(("skalibs" ,skalibs) + ("s6" ,s6))) + (arguments + '(#:configure-flags (list + (string-append "--with-lib=3D" + (assoc-ref %build-inputs "skalib= s") + "/lib/skalibs") + (string-append "--with-sysdeps=3D" + (assoc-ref %build-inputs "skalib= s") + "/lib/skalibs/sysdeps")) + #:tests? #f)) ; no tests exist + (home-page "https://skarnet=2Eorg/software/nsss") + (license isc) + (synopsis "subset of the pwd=2Eh, group=2Eh and shadow=2Eh family of = functions, performing user database access on Unix systems") + (description + "Usually, user database access via getpwnam() and similar function i= s +provided by the system's libc=2E However, not all libcs implement a +configurable backend for the user/group database=2E For instance the +musl libc, on Linux, only supports the standard /etc/passwd mechanism; +it also supports the nscd protocol but this is not quite enough: + +musl only connects to nscd when it cannot find an answer in its files bac= kend +The nscd protocol does not support enumeration, so primitives +such as getpwent() cannot be implemented over nscd=2E + +The mechanism used by glibc, called Name Service Switch +(abbreviated to nsswitch or NSS), has its own set of issues +that makes it unsuitable in certain situations=2E + +nsss is a secure implementation of a \"name service switch\": +configurable user/group/shadow database access, providing +getpwnam() et al=2E functionality by communicating over a Unix +domain socket with a daemon; the daemon can perform lookups in +any database it chooses=2E + +nsss does not perform dynamic module loading, only adds a +small footprint to the application's binary, and does not add +any complex decision engine into the client's address space=2E +Applications can be statically linked against the nsss +library, and still benefit from configurable user database +access functions=2E"))) --=20 2=2E29=2E2 =C2=A0